# HG changeset patch
# User Goffi
# Date 1583515143 -3600
# Node ID 2c0628f3927eb84f256b503505dd61c77c370237
# Parent fc2bea41e40294bf8495e27c3dee459c2d0270d6
plugin download, aesgcm: disable TLS check if `check_certificate` setting is disabled
diff -r fc2bea41e402 -r 2c0628f3927e sat/plugins/plugin_misc_download.py
--- a/sat/plugins/plugin_misc_download.py Fri Mar 06 18:19:03 2020 +0100
+++ b/sat/plugins/plugin_misc_download.py Fri Mar 06 18:19:03 2020 +0100
@@ -29,6 +29,7 @@
 from sat.tools import xml_tools
 from sat.tools.common import data_format
 from sat.tools import stream
+from sat.tools.web import treq_client_no_ssl
 log = getLogger(__name__)
@@ -163,6 +164,15 @@
 # we close the file and only use its name, the file will be opened
 # by the registered callback
 dest_path = f.name
+
+ # should we check certificates?
+ check_certificate = self.host.memory.getParamA(
+ "check_certificate", "Connection", profile_key=client.profile)
+ if not check_certificate:
+ options['ignore_tls_errors'] = True
+ log.warning(
+ _("certificate check disabled for download, this is dangerous!"))
+
 try:
 callback = self._download_callbacks[uri_parsed.scheme]
 except KeyError:
@@ -212,7 +222,15 @@
 async def downloadHTTP(self, client, uri_parsed, dest_path, options):
 url = uri_parsed.geturl()
- head_data = await treq.head(url)
+ if options.get('ignore_tls_errors', False):
+ log.warning(
+ "TLS certificate check disabled, this is highly insecure"
+ )
+ treq_client = treq_client_no_ssl
+ else:
+ treq_client = treq
+
+ head_data = await treq_.head(url)
 try:
 content_length = int(head_data.headers.getRawHeaders('content-length')[0])
 except (KeyError, TypeError, IndexError):
@@ -228,7 +246,7 @@
 progress_id = file_obj.uid
- resp = await treq.get(url, unbuffered=True)
+ resp = await treq_client.get(url, unbuffered=True)
 if resp.code == 200:
 d = treq.collect(resp, file_obj.write)
 d.addBoth(lambda _: file_obj.close())
diff -r fc2bea41e402 -r 2c0628f3927e sat/plugins/plugin_sec_aesgcm.py
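Review bot: The new `ignore_tls_errors` flag is derived from the `check_certificate` parameter of the "Connection" category, so a user who switched it off to reach an XMPP server with a self-signed certificate now also gets unverified HTTPS for every download URL this plugin dispatches, which widens the setting's scope well beyond what its name suggests. A comment next to the `getParamA` call should make that explicit, e.g. `# NOTE: "check_certificate" is a Connection-level setting; when it is off, TLS verification is also skipped for every HTTPS download, not only for the XMPP server`. `options['ignore_tls_errors'] = True` also writes into the caller-supplied dict; if a caller may reuse that dict, copy it first with `options = dict(options)` before setting the flag. The enclosing method starts and ends outside the hunk.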
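Review bot: `head_data = await treq_.head(url)` uses the name `treq_`, which nothing in the hunk defines — the client chosen just above is bound to `treq_client`, and the `get()` call in the following hunk uses that name — so unless a `treq_` exists elsewhere in the module (nothing on the page suggests it) every HTTP download now fails with NameError before the HEAD request is sent. The line should read `head_data = await treq_client.head(url)`. The `log.warning` added here also repeats the warning the previous hunk already logs when it sets `ignore_tls_errors`, so each insecure download is reported twice and one of the two could be dropped. `downloadHTTP` continues past the end of the hunk.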
--- a/sat/plugins/plugin_sec_aesgcm.py Fri Mar 06 18:19:03 2020 +0100
+++ b/sat/plugins/plugin_sec_aesgcm.py Fri Mar 06 18:19:03 2020 +0100
@@ -33,6 +33,7 @@
 from sat.core import exceptions
 from sat.tools import stream
 from sat.core.log import getLogger
+from sat.tools.web import treq_client_no_ssl
 log = getLogger(__name__)
@@ -92,7 +93,15 @@
 download_url = parse.urlunparse(
 ('https', uri_parsed.netloc, uri_parsed.path, '', '', ''))
- head_data = await treq.head(download_url)
+ if options.get('ignore_tls_errors', False):
+ log.warning(
+ "TLS certificate check disabled, this is highly insecure"
+ )
+ treq_client = treq_client_no_ssl
+ else:
+ treq_client = treq
+
+ head_data = await treq_client.head(download_url)
 content_length = int(head_data.headers.getRawHeaders('content-length')[0])
 # the 128 bits tag is put at the end
 file_size = content_length - 16
@@ -107,7 +116,7 @@
 progress_id = file_obj.uid
- resp = await treq.get(download_url, unbuffered=True)
+ resp = await treq_client.get(download_url, unbuffered=True)
 if resp.code == 200:
 d = treq.collect(resp, partial(
 self.onDataDownload,
diff -r fc2bea41e402 -r 2c0628f3927e sat/tools/web.py
--- a/sat/tools/web.py Fri Mar 06 18:19:03 2020 +0100
+++ b/sat/tools/web.py Fri Mar 06 18:19:03 2020 +0100
@@ -45,7 +45,7 @@
 @implementer(iweb.IPolicyForHTTPS)
-class NoCheckContextFactory(ssl.ClientContextFactory):
+class NoCheckContextFactory:
 """Context factory which doesn't do TLS certificate check
 /!\\ it's obvisously a security flaw to use this class,
@@ -64,4 +64,4 @@
 #: following treq doesn't check TLS, obviously it is unsecure and should not be used
 #: without explicit warning
-treq_no_ssl = HTTPClient(http_client.Agent(reactor, NoCheckContextFactory))
+treq_client_no_ssl = HTTPClient(http_client.Agent(reactor, NoCheckContextFactory()))
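Review bot: The client-selection block (`if options.get('ignore_tls_errors', False): … else: treq_client = treq`) is a verbatim copy of the one added to `downloadHTTP` in plugin_misc_download.py, warning text included, so the two will drift the next time either is touched. A small helper in sat/tools/web.py, say `def get_treq_client(options):` holding exactly this if/else and returning `treq_client_no_ssl` or `treq`, would reduce both call sites to `treq_client = get_treq_client(options)` and keep the insecure-mode warning in one place. The enclosing function, and therefore the origin of `options`, starts outside the hunk.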
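Review bot: Dropping `ssl.ClientContextFactory` as the base of `NoCheckContextFactory` removes the inherited `getContext`, and since the instance is now handed to `Agent` as an `IPolicyForHTTPS` policy it has to provide `creatorForNetloc(self, hostname, port)` itself; the class body is outside the hunk, so that cannot be confirmed here and is worth checking with an actual `https` download through `treq_client_no_ssl` before merging. If the body only defines `getContext`, the first TLS connection made by the no-check client will fail. While here, the context line's docstring typo `obvisously` could become `obviously`.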